Loading...
Loading...
Hosts cannot authenticate to AAA server.
- EAP-TLS is used by end-points creating a need to generate Radius packet >1500B which eventually lead to packet fragmentation (this occurs also when jumbo frames are configured on the switch), - fragmented packets are load-balanced per-packet (not per-flow) and can be dropped if there is some security devices in between switch and AAA server which cannot reconcile radius packets coming on different interfaces leading to packet drop.
a) configure: "ip cef load-sharing algorithm original" which will force all packets to go the same path b) disable redundant links on the switch towards AAA server.
As per current design, application should not inject packet greater than 1500. It application needs to inject packets greater than 1500, use above workarounds.
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.